Not many days pass without security being in the news in some form or another. Most of that news isn't good either. Services are being attacked through vectors like DDoS, and there are gaping holes in software that many people use every day -- hello, Adobe and Java.
Now Google is taking its own steps to try and protect users. The company has already implemented SSL for many of its services, but the latest push is against zero-day vulnerabilities.
In the past IT departments have always been about crunching numbers and processing data. But emerging technologies are beginning to take IT into unfamiliar areas that in turn have an impact on the wider operation of the business.
Research specialist Gartner has identified six areas that it sees as potentially being adopted by business and which CIOs need to consider.
When we talk about surveillance online, it is almost always with reference to the NSA and activities in the US. But US citizens are far from being the only web users affected by surveillance. The NSA has long arms, but there are also similar activities going on in plenty of other countries. This week in the UK, the government is pushing through legislation that requires phone and internet companies to store information about customers' communication, and to hand it over to authorities on request. What made this particularly unusual was the fact that this was classed as emergency surveillance legislation with little to no debate and, more importantly, no public consultation whatsoever. Edward Snowden has plenty to say on the matter, likening the British government to the NSA.
The legislation covers not only UK-based companies, but also those based in other countries who have gathered data about UK customers. It is in direct opposition to a recent European court ruling that said retention of data was a violation of European law. This in itself would be reason for any surveillance-related laws to be debated, but the government chose instead to use emergency measures -- usually reserved for times of war or disaster -- to push through laws it knows will prove unpopular. As we are now used to hearing, the surveillance is not about recording phone calls, or storing individual emails and text messages, but about retaining the related metadata -- who contacted who, when, for how long, from where, and so on.
Mobile security specialist Lacoon has released details of a new vulnerability in the Gmail app for iOS that may allow hackers to view or modify encrypted communications.
It allows attackers to use a Man-in-the-Middle (MitM) technique to impersonate a legitimate server using a spoofed SSL certificate.
As a test, Avast purchased 20 used and supposedly wiped Android phones and discovered that it was able to recover vast amounts of personal user data. My colleague Brian Fagioli reported the story here.
Google responded to the news, stating "This research looks to be based on old devices and versions (pre-Android 3.0) and does not reflect the security protections in Android versions that are used by the vast majority of users". It went on to offer users advice on how to make sure when selling an old mobile phone you aren’t also gifting your personal data to buyers.
An international operation involving law enforcement and private sector organizations has been set up to combat the Shylock banking trojan. Shylock, which gets its name because the code contains lines from Shakespeare's The Merchant of Venice, is thought to have infected at least 30,000 Windows computers worldwide.
To date Shylock has targeted the UK more than any other nation so the country's National Crime Agency (NCA) is coordinating the international effort. This also includes the FBI, Europol, BAE Systems Applied Intelligence, GCHQ, Dell SecureWorks, Kaspersky Lab and the German Federal Police.
Cloud storage is an increasingly popular way of storing and sharing data, but when using public services there's always a concern about how safe your information is.
But now a new startup aims to provide controlled sharing of data via an intelligent private cloud network. Sher.ly integrates your existing hard drives into a private, tightly controlled cloud network. Rather than have to send out open links to files or share copies across a public cloud, organizations and individuals can have the security of invite-only, limited-access file-sharing that keeps data on the devices that produced it.
The ability to print directly from the cloud or a mobile phone or tablet creates obvious advantages, helping to make everyday business activities much more efficient. Ease of access, however, also creates security challenges that businesses must overcome in order to help keep sensitive information safe.
In a recent Dell global security survey, nearly three quarters of the organizations questioned said that they had suffered a security breach at some point. And security isn't just an issue for large corporations; no matter how big or small your business is, you'll definitely have information on file that needs to be kept safe. This could be personal data, bank details, or even a simple contacts database.
Allowing employees to use their own devices is an increasingly popular trend, but BYOD opens up security threats that can leave company data vulnerable. A new survey commissioned by security specialists Webroot looks at the reality of mobile security.
In particular it focuses on the difference in perception between companies and employees when it comes to securing mobile devices. Whilst there are some areas of agreement there are also signs that some employees don't take adequate steps to protect company data.
Phones hit the headlines for lots of reasons -- the biggest, the most expensive, the shiniest, or just the newest. We live in times in which security and privacy are major concerns for people in all walks of life. The activities of the NSA, as revealed by Edward Snowden, served only to heighten paranoia -- the prospect of having one's phone calls and text messages intercepted is something that fills few people with joy. Enter Vysk Communications' Vysk QS1 phone case, which can be used with an iPhone 5 or 5s, and a Samsung Galaxy S5 or S4. The selling point here is that it's not just your phone that's protected, but also your privacy.
The privacy features come in mechanical and software forms. On the mechanical front there are "shutters" that can be used to obscure your phone's front and rear cameras, and there's also a jamming system for microphones. This is described by Vysk as "Lockdown Mode", but you can take things a step further. For $9.95 you can subscribe to "Private Call Mode". This introduces encryption to your texts and phone calls: an onboard processor takes care of encryption on the fly, and the traffic is sent via the Vysk encrypted network. As Vysk puts it: "No one -- not even Vysk -- will know the identity of the caller or the recipient. No data is collected -- no phone numbers, call times or content - so there is no data to record. Because nothing is recorded, nothing is at risk."
We're growing accustomed to companies releasing transparency reports -- all seem to want to get in on the action and make themselves look good for the public. The latest report rolls out of US mobile carrier Verizon, and reveals the usual amount of troubling data requests, the most prominent being for customer location data.
Unlike some reports, the carrier provides actual numbers, as opposed to estimates. We see that the company received 72,342 subpoenas in the first half of 2014 (a number that is actually down compared to the second half of 2013), and 14,977 warrants. As for other requests, we only get estimates there -- for instance between zero and 999 national security requests were received.
Ransomware has proved to be a successful business model for cybercrooks and a recent study shows that IT professionals still see it as a major and growing area of concern.
In a study by security awareness training specialist KnowBe4, 88 percent of the 300 professionals surveyed said they expected ransomware to grow over the rest of this year. Attacks are also shifting from desktops to mobile devices, leading to problems for BYOD users.
Earlier this week we covered the debate on whether Android users need malware protection. If further fuel for the argument was needed it comes in the form of Russian security firm Dr.Web's monitoring of Android threats.
Until recently embedded advertising modules have topped Dr.Web's malicious program rankings, but statistics for recent months indicate that an Android SMS bot Trojan has been spreading at an alarming rate.
Microsoft has been forced into a climb-down by returning 23 domains that were seized for allegedly being behind malware infecting Windows computers across the globe.
No-IP’s domains, which were seized on June 30 after a court order allowed Microsoft to do so, were implicated in an investigation into various domains being used by cybercriminals to operate the Bladabindi and Jenxcus malware families.
All businesses insure against risks like fire, flood and theft. Insuring against cyber risks, though, is a relatively new field, and it's hard to know how much cover is adequate.
According to a new report from NSS Labs, US retailer Target had $100 million worth of cybersecurity coverage at the time of its breach last year. But with losses estimated at $88 million by May this year and a number of lawsuits still pending, it looks like that cover won't be enough.